The invention provides a power grid industrial control security collaborative monitoring method and device based on deep protocol analysis. The power grid industrial control security collaborative monitoring method comprises the steps of collecting a plurality of data packets in a power grid industrial control system; establishing a strategy library composed of rules for known attacks and scripts for unknown attacks; carrying out protocol analysis on the plurality of data packets to generate protocol abnormity events; aggregating the protocol abnormity events to generate aggregated alarm groups; and generating a security threat assessment result according to the strategy library and the aggregated alarm groups. According to the method and the device, security threats is effectively identified, positioned and assessed; comprehensive protection is realized; the security monitoring precision of the power grid industrial control system is improved; and the security monitoring expandability is improved.